
How FatBoyPanel malware is draining bank accounts in India
What's the story
Malware dubbed FatBoyPanel is posing a major threat to over 25 million devices in India.
The cybercriminals behind this malicious software are employing social engineering tactics to fool unsuspecting users into downloading it.
Once installed on a device, the malware can steal sensitive data and one-time passwords (OTPs), resulting in unauthorized transactions and potential financial loss.
Malware details
Detected in 900 apps
FatBoyPanel is a mobile-first banking trojan that has been detected in nearly 900 different apps, mostly targeting Indians.
The attack works by impersonating a trusted entity or official and then sending a malicious Android Package Kit (APK) for installation.
Once installed, it accesses sensitive data and OTPs for carrying out unauthorized transactions, making it dangerous in the hands of attackers.
Advanced features
FatBoyPanel's centralized command structure
The malware employs a centralized command structure to control multiple variants across campaigns.
It abuses live phone numbers for OTP redirection and has exfiltrated data from over 25 million devices. This makes it more organized and dangerous than traditional banking trojans.
The malware also asks for permission to read SMS messages, allowing it to capture OTPs and bypass two-factor authentication in real time.
Stealth tactics
Malware hides its icon after installation
FatBoyPanel uses a number of stealth tactics to maintain access and remain hidden. It hides its icon after installation and disables Google Play Protect.
Once the required permissions are granted, it embeds itself into the system and communicates with its control panel.
The attackers behind this malware often pose as government agencies or trusted services, sending fake APKs via WhatsApp to drive up installation rates among unsuspecting users.
Protection strategies
Preventive measures against FatBoyPanel malware
To protect yourself from such threats, avoid sideloading APKs and only use official app stores.
Keep Google Play Protect enabled to scan for harmful apps. Opt for real-time threat detection by using mobile security software.
Verify app sources before installation and never trust unknown or unofficial links.
Check app permissions carefully to avoid granting SMS, call, or gallery access to unverified apps.
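The permission check advised above can be automated before an APK is ever installed. The following is an added example, not part of the original article: it assumes the APK's manifest has already been decoded to text XML (for example with apktool), and the sample manifest and its package name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
SMS_RECEIVED = "android.provider.Telephony.SMS_RECEIVED"

# Permission groups the article says not to grant to unverified apps.
SENSITIVE = {
    "sms": {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS",
            "android.permission.SEND_SMS"},
    "call": {"android.permission.READ_CALL_LOG", "android.permission.CALL_PHONE",
             "android.permission.READ_PHONE_STATE"},
    "gallery": {"android.permission.READ_EXTERNAL_STORAGE",
                "android.permission.READ_MEDIA_IMAGES"},
}

# Constructed sample: decoded manifest of a hypothetical sideloaded APK.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.fakeservice">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_MEDIA_IMAGES"/>
  <application>
    <receiver android:name=".SmsListener" android:exported="true">
      <intent-filter android:priority="999">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

def audit_manifest(xml_text):
    """Return sensitive permissions requested, by group, plus SMS receivers."""
    root = ET.fromstring(xml_text.strip())
    requested = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    groups = {g: sorted(requested & perms) for g, perms in SENSITIVE.items()
              if requested & perms}
    # A receiver for SMS_RECEIVED sees each incoming message, OTPs included.
    receivers = [r.get(ANDROID_NS + "name") for r in root.iter("receiver")
                 if any(a.get(ANDROID_NS + "name") == SMS_RECEIVED
                        for a in r.iter("action"))]
    return {"package": root.get("package"), "groups": groups,
            "sms_receivers": receivers}

if __name__ == "__main__":
    report = audit_manifest(SAMPLE_MANIFEST)
    print(report["package"], report["groups"], report["sms_receivers"])
```

An app that has no messaging function yet requests the SMS group and registers an SMS receiver matches the OTP-capture behaviour described in this article and should not be installed.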